From 4db29589a61f2e7cb663c5734f911c02206c7997 Mon Sep 17 00:00:00 2001 From: boris Date: Wed, 9 Jan 2019 20:51:16 +1300 Subject: whole buncha shit FIXME: loader currently corrupts heap on injection because i am retarded --- csgo-loader/csgo-server/Login/RemoteLogin.cpp | 20 +++-- csgo-loader/csgo-server/Networking/TCPServer.hpp | 3 + .../RemoteCode/RemoteInjectionServer.cpp | 1 - .../RemoteCode/RemoteInjectionServer.hpp | 62 -------------- csgo-loader/csgo-server/Server.cpp | 99 ++++++++++++++++++++-- csgo-loader/csgo-server/Server.hpp | 18 +++- csgo-loader/csgo-server/csgo-server.vcxproj | 2 - .../csgo-server/csgo-server.vcxproj.filters | 6 -- 8 files changed, 125 insertions(+), 86 deletions(-) delete mode 100644 csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.cpp delete mode 100644 csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp (limited to 'csgo-loader/csgo-server') diff --git a/csgo-loader/csgo-server/Login/RemoteLogin.cpp b/csgo-loader/csgo-server/Login/RemoteLogin.cpp index 2f30e7f..0351f27 100644 --- a/csgo-loader/csgo-server/Login/RemoteLogin.cpp +++ b/csgo-loader/csgo-server/Login/RemoteLogin.cpp @@ -13,7 +13,20 @@ namespace Login // Epic direct casts :---DDDD m_Header = *(RemoteLoginHeader *)&RawLoginHeader[0]; - return true; + + printf("[ => ] User attempting login: %s\n", m_Header.m_Username); + printf("[ => ] User HWID: %llx\n", m_Header.m_HardwareId); + + RemoteLoginResponse Response = GetLoginResponse(); + + printf("[ => ] User response: %02x\n", Response); + + if(Response & ACCESS_AUTHORISED || Response & ACCESS_SPECIAL_USER) + return true; + + printf("[ => ] Login for user %s was rejected!\n", m_Header.m_Username); + + return false; } RemoteLoginResponse RemoteLoginServer::GetLoginResponse() 
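Review bot: `printf("[ => ] User attempting login: %s\n", m_Header.m_Username)` prints a field that was just obtained by reinterpreting the raw received bytes (`m_Header = *(RemoteLoginHeader *)&RawLoginHeader[0];`), and nothing in the hunk guarantees that string is NUL-terminated, so a client-controlled header can make `%s` read past the struct. If `m_Username` is a fixed char array, force-terminate it before any use, `m_Header.m_Username[sizeof(m_Header.m_Username) - 1] = '\0';`, and do the same for `m_Password` (the size check on `RawLoginHeader`, if any, is outside this hunk). The accept test `if(Response & ACCESS_AUTHORISED || Response & ACCESS_SPECIAL_USER)` is a bitwise test on a value that `GetLoginResponse` otherwise returns as discrete codes (`INVALID_CREDENTIALS`, `INVALID_HARDWARE`); unless every enumerator is a distinct single bit, a rejection code sharing a bit with `ACCESS_AUTHORISED` would be accepted, whereas `if(Response == ACCESS_AUTHORISED || Response == ACCESS_SPECIAL_USER)` does not depend on the enum layout. `Start` begins outside the hunk.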
@@ -32,9 +45,6 @@ namespace Login if(strcmp(m_Header.m_Password, "betapassword")) return RemoteLoginResponse::INVALID_CREDENTIALS; - // User failed to obtain HWID? - printf("[ => ] User HWID: %llx\n", m_Header.m_HardwareId); - if(!m_Header.m_HardwareId) { // TODO: Shadow ban the user. @@ -43,7 +53,7 @@ namespace Login } // TODO: Check if the HWID is present in DB. - if(m_Header.m_HardwareId != 0x2F769B06FA897376) + if(m_Header.m_HardwareId != 0xd33a13f59ae35130) return RemoteLoginResponse::INVALID_HARDWARE; // TODO: Check if the user has a subscription. diff --git a/csgo-loader/csgo-server/Networking/TCPServer.hpp b/csgo-loader/csgo-server/Networking/TCPServer.hpp index a29a796..9459136 100644 --- a/csgo-loader/csgo-server/Networking/TCPServer.hpp +++ b/csgo-loader/csgo-server/Networking/TCPServer.hpp @@ -24,6 +24,7 @@ namespace Networking SOCKET m_Socket; Wrapper::Encryption m_Encryption; char m_IpAddress[32]; + public: // Initialiser for TCPConnection class. TCPConnection(SOCKET Connection, const char *IpAddress, Wrapper::Encryption &RSA) : @@ -54,6 +55,8 @@ namespace Networking { return m_Encryption.GetKey(); } + + char *GetIpAddress() { return m_IpAddress; } }; // Basic TCP server. Supports custom connection handling (pass a lambda to the handler list). diff --git a/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.cpp b/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.cpp deleted file mode 100644 index fd3efc0..0000000 --- a/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.cpp +++ /dev/null @@ -1 +0,0 @@ -#include diff --git a/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp b/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp deleted file mode 100644 index b8659ff..0000000 --- a/csgo-loader/csgo-server/RemoteCode/RemoteInjectionServer.hpp +++ /dev/null 
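Review bot: The accepted hardware ID is still a single compiled-in literal at `if(m_Header.m_HardwareId != 0xd33a13f59ae35130)`; changing the value per commit means every re-enrolment ships a new server binary and exposes the allowed ID to anyone holding the executable, so the `// TODO: Check if the HWID is present in DB.` should at least become a lookup in an allowlist loaded at startup rather than a literal. The surrounding `strcmp(m_Header.m_Password, "betapassword")` (context, not changed here) compares a raw-cast buffer with no length bound against a plaintext constant; if `m_Password` is a fixed array, `strncmp(m_Header.m_Password, "betapassword", sizeof(m_Header.m_Password))` at least stops the over-read until a real credential check exists. `GetLoginResponse` starts and ends outside the hunk.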
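Review bot: `char *GetIpAddress() { return m_IpAddress; }` hands out a mutable pointer into the connection's own `m_IpAddress[32]` buffer, which lets any caller overwrite it and also prevents calling the accessor on a `const` connection. Every use in this commit only passes the result to `printf("%s")`, so `const char *GetIpAddress() const { return m_IpAddress; }` is the safer signature with no caller impact. The class body continues outside the hunk.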
@@ -1,62 +0,0 @@
-#pragma once
-
-#include
-#include
-#include
-
-using ByteArray = std::vector;
-
-namespace RemoteCode
-{
- // Used for TransactionStart
- using ImportedModule = char[64];
- using ImportList = std::vector;
-
- // Used for TransactionContinue
- struct ExportedFunction
- {
- // I've never seen modules / functions with names
- // that were larger than 64 characters.
- char m_Module[64];
- char m_Function[64];
-
- // Address of exported module / function
- uintptr_t m_ModuleAddress;
- uintptr_t m_FunctionAddress;
- };
-
- using ExportList = std::vector;
-
- // Used for TransactionCommit
- struct RemoteInjectionHeader
- {
- // Used to decrypt the cheat header (first 1000 bytes of image sent back).
- uint8_t m_HeaderKey;
-
- // Used to call entrypoint/TLS callbacks.
- uintptr_t m_EntryPoint;
- uintptr_t m_TlsDirectory;
- };
-
- struct RemoteInjectionCode
- {
- RemoteInjectionHeader m_Header;
-
- // Actual injection code.
- ByteArray m_Code;
- };
-
- class RemoteInjectionServer
- {
- public:
- // Receive hash of selected cheat.
- // Reply with size of image to allocate.
- ByteArray Start(ByteArray &Response);
-
- // Receive client header, send over list of imported functions
- ByteArray TransactionStart(ByteArray &Response);
-
- // Receive list of modules & export addresses
- ByteArray TransactionContinue(ByteArray &Response);
- };
-}
\ No newline at end of file
diff --git a/csgo-loader/csgo-server/Server.cpp b/csgo-loader/csgo-server/Server.cpp
index f822753..e0f1455 100644
--- a/csgo-loader/csgo-server/Server.cpp
+++ b/csgo-loader/csgo-server/Server.cpp
@@ -1,15 +1,96 @@ #include -void ConnectionHandler(Networking::TCPConnection &Connection) { - Login::RemoteLoginServer LoginServer; +// 'M1' -> cl request +// 'M2' -> mod request +// 'M3' -> ban request - ByteArray LoginHeader = Connection.ReceiveBytes(); - - if(!LoginServer.Start(LoginHeader)) - return; +namespace Handler +{ + void OnClientConnection(Networking::TCPConnection &Connection) + { + printf("[ !! ] Client at %s requested connection!\n", Connection.GetIpAddress()); + + // Initialize login server for the client. + Login::RemoteLoginServer LoginServer; + + ByteArray LoginHeader = Connection.ReceiveBytes(); + + // Invalid login header. + if(!LoginServer.Start(LoginHeader)) + return; + + printf("[ !! ] Received login header from %s!\n", Connection.GetIpAddress()); + + // Reply with server header. + ByteArray LoginReply = LoginServer.GetResponse(); + Connection.SendBytes(LoginReply); - ByteArray LoginReply = LoginServer.GetResponse(); - Connection.SendBytes(LoginReply); + ByteArray LoginReplyEcho = Connection.ReceiveBytes(); + + if(LoginReply.size() != LoginReplyEcho.size()) + { + printf("[ !! ] Echo from %s invalid, dropping connection!", Connection.GetIpAddress()); + return; + } + + RemoteCode::FileReader File; + + if(!File.Start("csgo-module.dll")) + return; + + // Send them the loader module to inject the cheat. + printf("[ !! ] Sending latest loader module!\n"); + + ByteArray RawLdrModule; + RawLdrModule.insert( + RawLdrModule.begin(), + (uint8_t *)File, + (uint8_t *)(File + File.GetFileLength()) + ); + + Connection.SendBytes(RawLdrModule); + } + + void OnModuleConnection(Networking::TCPConnection &Connection) + { + // The output of this function will be verbose by default. + printf("[ !! ] Module hello from %s!\n", Connection.GetIpAddress()); + } + + void OnBanReqConnection(Networking::TCPConnection &Connection) + { + // Use for forum IP-ban purposes or whatever.. + printf("[ !! 
] Client at %s requested ban!\n", Connection.GetIpAddress()); + + // TODO: Ban user? + } + + void OnReceiveConnection(Networking::TCPConnection &Connection) + { + ByteArray Header = Connection.ReceiveRawBytes(); + + if(Header.empty()) + { + printf("[ !! ] Client at %s sent malformed request!\n", Connection.GetIpAddress()); + return; + } + + uint32_t HeaderCode = *(uint32_t *)&Header[0]; + + switch(HeaderCode) + { + case CLIENT_HEADER: // "MB1" + OnClientConnection(Connection); break; + case MODULE_HEADER: // "MB2" + OnModuleConnection(Connection); break; + case BANREQ_HEADER: // "MB3"; + OnBanReqConnection(Connection); break; + + // Drop any malformed clients. + default: + printf("[ !! ] Client at %s sent malformed request!\n", Connection.GetIpAddress()); + } + } } int __stdcall WinMain(HINSTANCE, HINSTANCE, char*, int) @@ -25,7 +106,7 @@ int __stdcall WinMain(HINSTANCE, HINSTANCE, char*, int) if(Result) { // Attach our connection handler. - Server += ConnectionHandler; + Server += Handler::OnReceiveConnection; // Accept any incoming connections. for(;;) diff --git a/csgo-loader/csgo-server/Server.hpp b/csgo-loader/csgo-server/Server.hpp index af07bb0..90def2a 100644 --- a/csgo-loader/csgo-server/Server.hpp +++ b/csgo-loader/csgo-server/Server.hpp @@ -5,6 +5,10 @@ // PLEASE UPDATE THEM ACCORDINGLY. #define SERVER_PORT 0xF2C // Hexadecimal representation of the server port. +#define CLIENT_HEADER 0x4D42310A +#define MODULE_HEADER 0x4D42320A +#define BANREQ_HEADER 0x4D42330A + // Core functionality #include #include 
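Review bot: `uint32_t HeaderCode = *(uint32_t *)&Header[0];` in `OnReceiveConnection` is guarded only by `Header.empty()`, so a client that sends one to three bytes makes the dispatcher read past the end of the vector; the guard should be `if(Header.size() < sizeof(uint32_t))`, and copying with `memcpy(&HeaderCode, Header.data(), sizeof HeaderCode);` also sidesteps the unaligned/aliasing cast. In `OnClientConnection` the echo check `if(LoginReply.size() != LoginReplyEcho.size())` compares only lengths, so any reply of the right size passes and the client is then sent `csgo-module.dll`; if the echo is meant to prove the client could process the reply, compare the bytes, `if(LoginReply != LoginReplyEcho)`. The `"[ !! ] Echo from %s invalid, dropping connection!"` message is also missing its trailing `\n`, unlike every other log line in the hunk.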
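Review bot: The new `#define CLIENT_HEADER 0x4D42310A` and its siblings do not document the byte order the client is expected to send; `0x4D42310A` is the big-endian reading of the bytes `M B 1 \n`, while the `*(uint32_t *)&Header[0]` read in Server.cpp on a little-endian x86 host would see those same ASCII bytes as `0x0A31424D`, so either the client sends the value as a host-order integer or these constants match nothing. Once the wire format is confirmed, add a comment such as `// Compared as a host-order uint32_t against the first 4 received bytes; the client sends the integer value, not the text "MB1\n"` (or byte-reverse the constants). The `'M1'`/`'M2'`/`'M3'` comment at the top of Server.cpp also disagrees with the `"MB1"` naming used in the switch, and in a C++ header `constexpr uint32_t` constants would be preferable to macros.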
@@ -13,7 +17,19 @@ #include #include -#include +//#include + +// Let's separate up the connection handlers :) +namespace Handler +{ + // Branches + void OnClientConnection(Networking::TCPConnection &Connection); + void OnModuleConnection(Networking::TCPConnection &Connection); + void OnBanReqConnection(Networking::TCPConnection &Connection); + + // Default handler + void OnReceiveConnection(Networking::TCPConnection &Connection); +} // It looked nasty in Server.cpp, so I'm putting it here. namespace Utils diff --git a/csgo-loader/csgo-server/csgo-server.vcxproj b/csgo-loader/csgo-server/csgo-server.vcxproj index ad924f6..c702cbb 100644 --- a/csgo-loader/csgo-server/csgo-server.vcxproj +++ b/csgo-loader/csgo-server/csgo-server.vcxproj @@ -31,7 +31,6 @@ - @@ -40,7 +39,6 @@ - diff --git a/csgo-loader/csgo-server/csgo-server.vcxproj.filters b/csgo-loader/csgo-server/csgo-server.vcxproj.filters index 0480d6d..b0c12d7 100644 --- a/csgo-loader/csgo-server/csgo-server.vcxproj.filters +++ b/csgo-loader/csgo-server/csgo-server.vcxproj.filters @@ -31,9 +31,6 @@ RemoteCode - - RemoteCode - @@ -51,9 +48,6 @@ RemoteCode - - RemoteCode - Security -- cgit v1.2.3
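Review bot: `//#include` (the include target is not visible on this page) leaves the old directive behind as commented-out dead code; since `RemoteCode/RemoteInjectionServer.cpp` and `.hpp` are deleted in this same commit, remove the line rather than disabling it. The new `Handler` declarations would also benefit from a one-line contract above `OnReceiveConnection`, e.g. `// Entry point registered with the TCP server: reads the 4-byte request code and dispatches to one of the branch handlers above.`, so a reader of the header does not have to open Server.cpp to learn which function the server actually calls.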